
Network Operation Request Auditing System Based On SDN In Cloud Environment

Posted on: 2019-07-25
Degree: Master
Type: Thesis
Country: China
Candidate: Y C Zhang
GTID: 2348330542998821
Subject: Information and Communication Engineering
Abstract/Summary:
With the development of virtualization technology and the progress of cloud computing, more and more manufacturers are building their own cloud data centers. Small companies also pay to deploy their business servers as virtual machines to save money. The growth of cloud data centers in turn promotes the development of data center infrastructure technologies. Among them, SDN is a brand new network architecture that not only provides flexible configuration and manageability, but is also suited to the scale of data center networks, and serves as the infrastructure for the data center network layer.

In data centers, virtual machines and their services are free to migrate, and services and their virtual machines are created and deleted frequently, so the distribution of network traffic varies widely and irregularly. These characteristics pose a serious challenge to stable operation. To analyze and monitor the traffic of a host in the network, the security and operations departments need to push flow entries to the SDN controller that change the forwarding behavior of the related data flow so that it passes through specific monitoring and analysis devices. This requires the SDN controller to expose an API for forwarding rule modification requests, and third-party systems control the forwarding behavior of the related data flows by calling these interfaces. However, such modifications to forwarding paths carry risk: they may affect the user's business systems and even the stability of the network. Therefore, a guarantee and audit mechanism is required to ensure that third-party network business requests will not affect the normal operation of the network and of user services.

The innovation of this paper is as follows. We designed and set up an SDN-based data center test bed, built on it an audit system for business requests and a passive routing loop detection system, and finally encapsulated them into a callable system function module. Firstly, the active audit system for network business requests proposed in this paper simulates the forwarding behavior of the data flow in the network before the requested flow table change takes effect in the network, and obtains the forwarding behavior of the related data flow through an algorithm. The result of the algorithm is analyzed from the perspective of routing loops and routing black holes to ensure that the network service request will not affect the normal behavior of the network, and that the network and user traffic continue to operate normally. Secondly, as an additional function, this paper proposes a passive algorithm based on data flow TTL statistics, which is used to periodically detect whether there is a routing loop in the network, so that the scheme combines active auditing with passive detection to avoid routing loops.

Compared with existing algorithms, the active audit function proposed in this paper has lower space complexity and requires fewer additional signaling interactions between the controller and the switches while the algorithm is running. The statistics-based passive detection algorithm for routing loops proposed in this paper has been experimentally verified to maintain high accuracy under harsh and practical scenarios such as low sampling rates and more frequent detection cycles.
Keywords/Search Tags:Software-Defined Networking, Modification Request, Active Audit, Routing Loop, Black Hole
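
The active audit idea from the abstract, as an added sketch that is not the thesis's algorithm: a flow-modification request is applied to a copy of the flow tables, each affected flow is traced, and the request is rejected if the trace ends in a routing loop or a black hole. The model is an assumption (one next hop per destination per switch), and the names `trace`, `audit`, the `s1`..`s3` switches and the `mon` monitoring device are constructed for illustration.

```python
from copy import deepcopy

def trace(tables, ingress, dst, max_hops=64):
    """Simulate forwarding of one flow; return (verdict, path)."""
    path, seen, node = [], set(), ingress
    while len(path) < max_hops:
        if node == dst:
            return "delivered", path + [node]
        if node in seen:                      # switch revisited: routing loop
            return "loop", path + [node]
        seen.add(node)
        path.append(node)
        node = tables.get(node, {}).get(dst)  # next hop for this destination
        if node is None:                      # no matching entry: traffic is dropped
            return "black_hole", path
    return "hop_limit", path                  # hop budget exceeded

def audit(tables, request, flows):
    """Apply request to a copy of the tables and re-trace each flow.
    request: [(switch, dst, next_hop)], flows: [(ingress, dst)].
    Returns (approved, findings); the live tables are never modified."""
    candidate = deepcopy(tables)
    for switch, dst, next_hop in request:
        candidate.setdefault(switch, {})[dst] = next_hop
    findings = []
    for ingress, dst in flows:
        verdict, path = trace(candidate, ingress, dst)
        if verdict != "delivered":
            findings.append((ingress, dst, verdict, path))
    return not findings, findings

# Constructed sample: s1 -> s2 -> s3 -> host h2; "mon" is a monitoring device.
BASE = {"s1": {"h2": "s2"}, "s2": {"h2": "s3"}, "s3": {"h2": "h2"}}
FLOWS = [("s1", "h2")]
REDIRECT_OK = [("s2", "h2", "mon"), ("mon", "h2", "s3")]    # detour, then rejoin
REDIRECT_LOOP = [("s2", "h2", "mon"), ("mon", "h2", "s1")]  # sends traffic back upstream
REDIRECT_HOLE = [("s2", "h2", "mon")]                       # mon has no rule for h2

if __name__ == "__main__":
    for name, req in [("ok", REDIRECT_OK), ("loop", REDIRECT_LOOP), ("hole", REDIRECT_HOLE)]:
        print(name, audit(BASE, req, FLOWS))
```

Only a request whose result is approved would be forwarded to the controller; the findings list gives the operator the simulated path that failed.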